Add frontend for block all requests in admin/network settings
requested to merge 377371-add-optional-default-block-all-rule-to-outbound-filtering-frontend into master
What does this MR do and why?
Add checkbox and warning alert to block all requests in admin/network settings.
This feature is behind the feature flag deny_all_requests
. There are pending backend changes in !110599 (merged) that are WIP (and maybe more MRs) before we roll out this feature.
Screenshots or screen recordings
Description | Before | After (without feature flag) | After (with feature flag) |
---|---|---|---|
Outbound requests - Allow selected | |||
Outbound requests - Block selected (if available) |
How to set up and validate locally
- Go to Admin > Settings > Network and expand the Outbound requests section. For example,
http://127.0.0.1:3000/admin/application_settings/network#js-outbound-settings
. - Enable the feature flag
deny_all_requests
in arails console
. - Apply the below diff to preview the changes.
diff --git a/app/views/admin/application_settings/_outbound.html.haml b/app/views/admin/application_settings/_outbound.html.haml
index ec2f064d085b..aa2dab1f2c00 100644
--- a/app/views/admin/application_settings/_outbound.html.haml
+++ b/app/views/admin/application_settings/_outbound.html.haml
@@ -1,4 +1,4 @@
-- deny_all_requests = Feature.enabled?(:deny_all_requests) ? @application_setting.deny_all_requests : false
+- deny_all_requests = Feature.enabled?(:deny_all_requests) ? @application_setting.dns_rebinding_protection_enabled : false
= gitlab_ui_form_for @application_setting, url: network_admin_application_settings_path(anchor: 'js-outbound-settings'), html: { class: 'fieldset-form' } do |f|
= form_errors(@application_setting)
@@ -6,7 +6,7 @@
%fieldset
.form-group
- if Feature.enabled?(:deny_all_requests)
- = f.gitlab_ui_checkbox_component :deny_all_requests,
+ = f.gitlab_ui_checkbox_component :dns_rebinding_protection_enabled,
s_('OutboundRequests|Block all requests, except for IP addresses, IP ranges, and domain names defined in the allowlist'),
checkbox_options: { class: 'js-deny-all-requests' }
= render Pajamas::AlertComponent.new(variant: :warning,
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #377371 (closed)
Edited by Justin Ho Tuan Duong